Categories: SecuritySoftware

Most Phishing Scams Fail But Enough Succeed

Ever wonder what percentage of people are clicking on those e-mails leading to fraudulent bank login pages? The answer is very little – more than enough for phishers to still make a killing.

New research from security firm (PDF) Trusteer shows that once users had been lured to a phishing site, some 45 percent entered their login information. These findings, taken during a three month analysis, are based on a sample of more than 3 million users of Trusteer’s Rapport browser security service that are customers of 10 large U.S. and European banks.

Each phishing attack compromises a very small number of customers (0.000564 percent), but due the large number of phishing attacks, the aggregated number is significant. Overall, 0.47 percent of the banks’ customers fall victim to phishing attacks each year, translating to between $2.4 million and $9.4 million in annual losses.

With that kind of money at stake, it is important both businesses and consumers learn to recognise phishing e-mails when they see them. In an enterprise environment, that process begins with training.

“Engage the user base when developing a training program (and) view training programs as marketing campaigns to sell security,” advised Rohyt Belani, CEO of Intrepidus. “Teach people through first hand experience (mock phishing exercises followed with instant training/feedback) rather than boring sessions and poster campaigns that couch do’s and don’ts.”

He also suggested rewarding users that consistently dodge phishing attacks, rather than simply penalising those that do not.

“People should have a basic level of suspicion associated with email and understand that just because the “from” address looks authentic, the email contains a personalised salutation and the content is in appropriate context that it is not necessarily where or who it claims to be from,” he told eWEEK. “This will instill a though process of evaluation before acting on email.”

However phishing scams are getting more difficult to detect all the time, particularly in cases of spear phishing, which are targeted attacks, noted Scott Crawford, an analyst with Enterprise Management Associates.

“Message filtration technologies help with this, but as far as awareness goes, users should consider just about any message suspect unless it contains detail that would only be known to the sender (and) recipient – and even then, a skillfully crafted attack can look very believable,” he said.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

16 hours ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

18 hours ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

20 hours ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

2 days ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

2 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

2 days ago